Why was an alert deleted by the Splunk system?

New Member

Hello everyone,

I have a problem with an alert removed without a user's action.

When I join the Splunk logs...

splunk_server = "XXX" index=_audit  host=YourHostName action=alert_deleted

...I do not see deletion events which may have occurred? Is this some action of the system? How can I identify the cause of the deletion of the alert?

Tags (2)
0 Karma